From 30f99608ffa5a4ce3d403276df5d68a23ec9b338 Mon Sep 17 00:00:00 2001 From: Jose Ivan Vargas Date: Tue, 14 Mar 2017 12:00:00 -0600 Subject: [PATCH] Fixed some missing permission conditions --- app/views/groups/_settings_head.html.haml | 11 +++++++---- app/views/layouts/nav/_group.html.haml | 12 +++++------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/app/views/groups/_settings_head.html.haml b/app/views/groups/_settings_head.html.haml index d225f7ed3c0..d99426bc2c1 100644 --- a/app/views/groups/_settings_head.html.haml +++ b/app/views/groups/_settings_head.html.haml @@ -1,3 +1,5 @@ +- can_admin_group = can?(current_user, :admin_group, @group) +- can_edit = can?(current_user, :admin_group, @group) = content_for :sub_nav do .scrolling-tabs-container.sub-nav-scroll = render 'shared/nav_scroll' @@ -8,7 +10,8 @@ %span Projects - = nav_link(path: 'groups#edit') do - = link_to edit_group_path(@group), title: 'Edit Group' do - %span - Edit Group + - if can_edit && can_admin_group + = nav_link(path: 'groups#edit') do + = link_to edit_group_path(@group), title: 'Edit Group' do + %span + Edit Group diff --git a/app/views/layouts/nav/_group.html.haml b/app/views/layouts/nav/_group.html.haml index 9de0e344196..b2ecf6504e0 100644 --- a/app/views/layouts/nav/_group.html.haml +++ b/app/views/layouts/nav/_group.html.haml @@ -1,5 +1,4 @@ - can_admin_group = can?(current_user, :admin_group, @group) -- can_edit = can?(current_user, :admin_group, @group) .scrolling-tabs-container{ class: nav_control_class } .fade-left = icon('angle-left') @@ -26,9 +25,8 @@ = link_to group_group_members_path(@group), title: 'Members' do %span Members - - if current_user - - if can_admin_group || can_edit - = nav_link(path: %w[groups#projects groups#edit]) do - = link_to projects_group_path(@group), title: 'Settings' do - %span - Settings + - if current_user && can_admin_group + = nav_link(path: %w[groups#projects groups#edit]) do + = link_to projects_group_path(@group), title: 'Settings' do + %span + Settings -- GitLab